Privacy Policy

What Boundary Does

Boundary is a Chrome extension and web dashboard that scans your AI prompts for sensitive data (emails, passwords, API keys, and more) and redacts them before they reach the AI model. Your original, unredacted prompts never leave your browser.

Information We Collect

• Account information: your name and email address, obtained when you sign up with Google or create an account manually.
• Usage metrics: aggregate counts of prompts processed, redactions made, severity levels, and processing times. We collect numbers only, never your actual prompt text.
• Redaction history: we store a one-way cryptographic hash (fingerprint) of each sanitized prompt to power your activity timeline. These hashes cannot be reversed to reconstruct your original text.
• Custom redaction rules: the key-value pairs you define are stored on our servers so they stay in sync across your devices.

Information We Do Not Collect

• Your raw prompts or chat messages. These are processed entirely on your device.
• Any content you type into ChatGPT or other AI platforms.
• Browsing history, cookies, or any activity outside of supported AI sites.
• Payment card details (payments are handled directly by Stripe; we never see your card number).

How We Use Your Information

• To authenticate you and maintain your account.
• To display your usage dashboard and redaction history.
• To sync your custom redaction rules between the extension and the dashboard.
• To respond to support requests and improve the product.

Data Storage & Security

Your data is stored in a secured, encrypted database. All communication between the extension, dashboard, and our servers is encrypted via HTTPS/TLS. Passwords are hashed using industry-standard algorithms and are never stored in plain text. We follow security best practices and perform regular reviews to protect your information.

Data Retention

We retain your account data for as long as your account is active. Redaction history and usage metrics are retained for up to 12 months, after which they are automatically deleted. You can request deletion of your account and all associated data at any time.

Third-Party Services

• Google OAuth: used for sign-in. We receive your name, email address, and profile picture from Google. We do not access your Google Drive, Gmail, or any other Google data.
• Stripe: used for payment processing on Pro plans. Stripe handles all card data; we only store your subscription status.
• Tawk.to: used for live chat support. If you use the chat widget, Tawk.to may collect your name, email, and conversation content per their own privacy policy.

Cookies & Local Storage

We use cookies and browser local storage solely to keep you signed in and remember your preferences. We do not use advertising cookies or third-party tracking cookies.

Your Rights

You have the right to access, correct, or delete the personal data we hold about you. You can request an export or deletion of your account data at any time by emailing us at contact@tryboundary.com. If you are located in the European Economic Area (EEA) or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

Children's Privacy

Boundary is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us so we can delete it promptly.

Changes to This Policy

If we make material changes to this policy, we will notify you via email or an in-app notice at least 7 days before the changes take effect. Continued use of Boundary after that date constitutes acceptance of the updated policy.

Contact Us

Questions, concerns, or data requests? We're happy to help. Reach us at contact@tryboundary.com.